GG4L specializes in development of software applications and services for educational institutions in the USA and around the world. GG4L's cloud-based, enterprise-centric services, dedicated to serving the needs of today’s educational institutions. We are looking for a high level Security Engineer.
- Evaluate and refine existing cloud infrastructure, API, and application security/availability
- Serve as a subject matter expert for cloud (AWS & other), infrastructure, API, and systems security/availability
- Serve as point person for security questionnaires related to infrastructure
- Oversee the security aspects of product development
- Monitor industry security/vulnerability notices and software updates.
- Drive keeping the platform and tools up-to-date from a security and reliability perspective
- Advocate for timely response to applying patches and mitigations for know vulnerability
- Assist development team in the design and implementation of new solutions with a focus on security, recoverability and scalability
- Evaluate and refine existing and future compliance (eg: SOC, HIPAA, ISO, FERPA, COPPA, GDPR,…) controls
- Develop and enforce control mechanisms and evolve them regularly as business or regulatory needs evolve including meeting compliance requirements, scheduling and managing audits, maintaining and updating company risk assessment and security policies
- Communicate requirements to all stakeholders including employee training and building a pro-active security culture and representing GG4L's security program and practices to clients and regulators
- Detect and prevent potential threats and manage the response including maintaining an incident response plan and scheduling and overseeing penetration testing
- Maintain and enhance role-based application access
- Ensure security controls for network architecture and development process as well as for local hardware, network and environment
- Drive adoption and proper use of security tools: intrusion detection, firewalls, log monitors, etc.
- Plan and conduct security training for the engineering and operations teams.
- BS or MS degree in engineering, computer science, or related field
- 5+ (min. 3+ for a superstar) years direct experience with the technologies and duties of this position.
- Experience working in a mission-critical, high availability, regulated, data-privacy-sensitive context
- Professional experience with AWS and at least one additional cloud provider
- Experience with security for on-premise installations
- Professional experience with monitoring tools (eg: Nagios, Cloudwatch, Prometheus,…)
- A passion for learning and keeping up to date with the latest tools and technologies
- A strong work ethic and attention to detail
- Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
- The ability to be the GG4L platform security subject matter expert who can explain technical topics to those without a technical background
- Strong critical thinking and analytical skills
- Strong project management and team-building skills, including the ability to drive projects and initiatives across functions
- Demonstrated about to use data to measure outcomes and inform decisions
- Demonstrated ability to lead by influence vs. reporting structure
- Coding and scripting expertise
- Knowledgeable about design & code reviews, release discipline, penetration testing, internal audits, and external audits.
- Excellent understanding of web application vulnerabilities (OWASP) and attacks.
- Ability to translate traditional information security best practices and defense in depth approaches to virtualized/cloud based environments.
- Designing and maintaining secure Linux web servers and bonus points for similar Windows expertise.
- Designing secure Docker containers according to best practices
- Container orchestration technologies like Kubernetes, ECS, etc.
- Automated configuration management tools (eg: Puppet, Ansible)
- Continuous integration and continuous deployment tools (Jenkins)
- Maintaining relational database systems (PostgreSQL)
- Java, Tomcat, Apache Web Server or equivalent
- Windows server, Active Directory/ADFS, Office 365, SQL Server
- Experience with Node JS architectures
- Building, managing, and securing a microservice architecture and/or other alternative architectures.
- Mission critical, high-availability, sensitive information environment
- Professional certifications such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control, Certified Ethical Hacker, Global Information Assurance Certification, AWS certifications
EduTone Ukraine is a subsidiary of Global Grid for Learning (GG4L™), a mission-driven, membership-based collaborative with headquarters in San Francisco and an international presence in Ukraine, Ireland, and Australia. EduTone Ukraine’s office is located in Rivne.
GG4L specializes in developing software applications and services for educational institutions in the USA and around the world. GG4L’s cloud-based, enterprise-centric services, dedicated to serving the needs of today’s educational institutions.
GG4L’s global customer base includes a large presence in the English language speaking education markets where GG4L serves over 10,000 educational institutions.
DOU company page:
Job posted on
29 December 2020